Unverified Commit 0aad4b7e authored by aszlig's avatar aszlig
Browse files

chromium: Update all channels to latest versions. 

Overview of the updated versions:

stable: 40.0.2214.91 -> 40.0.2214.115
beta:   41.0.2272.16 -> 41.0.2272.64
dev:    41.0.2272.16 -> 42.0.2305.3

Introduces 42.0.2305.3 as the new dev version, which no longer requires
our user namespaces sandbox patch. Thanks to everyone participating in
https://crbug.com/312380

 for finally having this upstream.

In the course of supporting the official namespace sandbox (that's what
the user namespace sandbox is called), a few things needed to be fixed
for version 42:

 * Add an updated nix_plugin_paths.patch, because the old
   one tries to patch the path for libpdf, which is now natively included
   in Chromium.

 * Don't copy libpdf.so to libexec path for version 42, it's no longer
   needed as it's completely built-in now.

 * Disable SUID sandbox directly in the source instead of going the easy
   route of passing --disable-setuid-sandbox. The reason is that with
   the command line flag a nasty nagbar will appear.

Signed-off-by: default avataraszlig <aszlig@redmoonstudios.org>
parent d15d0beb

pkgs/applications/networking/browsers/chromium/browser.nix

+4 −2
Original line number Diff line number Diff line
@@ -12,8 +12,10 @@ mkChromiumDerivation (base: rec { 
    cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"

    cp -v "$buildPath/icudtl.dat" "$libExecPath/"

    cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"

    cp -v "$buildPath/libpdf.so" "$buildPath/libffmpegsumo.so" "$libExecPath/"



    cp -v "$buildPath/libffmpegsumo.so" "$libExecPath/"

    ${optionalString (versionOlder base.version "42.0.0.0") ''

      cp -v "$buildPath/libpdf.so" "$libExecPath/"

    ''}

    cp -v "$buildPath/chrome" "$libExecPath/$packageName"



    mkdir -vp "$out/share/man/man1"

pkgs/applications/networking/browsers/chromium/common.nix

+4 −2
Original line number Diff line number Diff line
@@ -135,11 +135,11 @@ let 
        -exec chmod u+w {} +

    '';



    postPatch = ''

    postPatch = optionalString (versionOlder version "42.0.0.0") ''

      sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \

        sandbox_binary = base::FilePath(getenv("CHROMIUM_SANDBOX_BINARY_PATH"));

      ' sandbox/linux/suid/client/setuid_sandbox_client.cc



    '' + ''

      sed -i -e '/module_path *=.*libexif.so/ {

        s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")|

      }' chrome/utility/media_galleries/image_metadata_extractor.cc
@@ -166,7 +166,9 @@ let 
      use_openssl = useOpenSSL;

      selinux = enableSELinux;

      use_cups = cupsSupport;

    } // optionalAttrs (versionOlder version "42.0.0.0") {

      linux_sandbox_chrome_path="${libExecPath}/${packageName}";

    } // {

      werror = "";

      clang = false;

      enable_hidpi = hiDPISupport;

pkgs/applications/networking/browsers/chromium/default.nix

+3 −1
Original line number Diff line number Diff line
@@ -73,13 +73,15 @@ in stdenv.mkDerivation { 
    sandboxBinary = "${chromium.sandbox}/bin/chromium-sandbox";

    mkEnvVar = key: val: "--set '${key}' '${val}'";

    envVars = chromium.plugins.settings.envVars or {};

    isVer42 = !stdenv.lib.versionOlder chromium.browser.version "42.0.0.0";

    flags = chromium.plugins.settings.flags or [];

    setBinPath = "--set CHROMIUM_SANDBOX_BINARY_PATH \"${sandboxBinary}\"";

  in with stdenv.lib; ''

    mkdir -p "$out/bin" "$out/share/applications"



    ln -s "${chromium.browser}/share" "$out/share"

    makeWrapper "${browserBinary}" "$out/bin/chromium" \

      --set CHROMIUM_SANDBOX_BINARY_PATH "${sandboxBinary}" \

      ${optionalString (!isVer42) setBinPath} \

      ${concatStrings (mapAttrsToList mkEnvVar envVars)} \

      --add-flags "${concatStringsSep " " flags}"

pkgs/applications/networking/browsers/chromium/source/default.nix

+11 −2
Original line number Diff line number Diff line
@@ -9,7 +9,9 @@ with (import ./update.nix { 
  inherit (stdenv) system;

}).getChannel channel;



stdenv.mkDerivation {

let

  pre42 = versionOlder version "42.0.0.0";

in stdenv.mkDerivation {

  name = "chromium-source-${version}";



  src = fetchurl main;
@@ -22,7 +24,11 @@ stdenv.mkDerivation { 


  prePatch = "patchShebangs .";



  patches = [ ./sandbox_userns_36.patch ./nix_plugin_paths.patch ];

  patches = if pre42 then [

    ./sandbox_userns_36.patch ./nix_plugin_paths.patch

  ] else [

    ./nix_plugin_paths_42.patch

  ];



  postPatch = ''

    sed -i -r \
@@ -32,6 +38,9 @@ stdenv.mkDerivation { 
      build/common.gypi chrome/chrome_tests.gypi

  '' + optionalString useOpenSSL ''

    cat $opensslPatches | patch -p1 -d third_party/openssl/openssl

  '' + optionalString (!pre42) ''

    sed -i -e '/LOG.*no_suid_error/d' \

      "$main/content/browser/browser_main_loop.cc"

  '';



  outputs = [ "out" "sandbox" "bundled" "main" ];

pkgs/applications/networking/browsers/chromium/source/nix_plugin_paths_42.patch

0 → 100644
+93 −0
Original line number Diff line number Diff line 
diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc

index 8a205a6..d5c24e1 100644

--- a/chrome/common/chrome_paths.cc

+++ b/chrome/common/chrome_paths.cc

@@ -97,21 +97,14 @@ static base::LazyInstance<base::FilePath>

     g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;

 

 // Gets the path for internal plugins.

-bool GetInternalPluginsDirectory(base::FilePath* result) {

-#if defined(OS_MACOSX) && !defined(OS_IOS)

-  // If called from Chrome, get internal plugins from a subdirectory of the

-  // framework.

-  if (base::mac::AmIBundled()) {

-    *result = chrome::GetFrameworkBundlePath();

-    DCHECK(!result->empty());

-    *result = result->Append("Internet Plug-Ins");

-    return true;

-  }

-  // In tests, just look in the module directory (below).

-#endif

-

-  // The rest of the world expects plugins in the module directory.

-  return PathService::Get(base::DIR_MODULE, result);

+bool GetInternalPluginsDirectory(base::FilePath* result,

+                                 const std::string& ident) {

+  std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;

+  const char* value = getenv(full_env.c_str());

+  if (value == NULL)

+      return PathService::Get(base::DIR_MODULE, result);

+  else

+      *result = base::FilePath(value);

 }

 

 }  // namespace

@@ -248,11 +241,11 @@ bool PathProvider(int key, base::FilePath* result) {

       create_dir = true;

       break;

     case chrome::DIR_INTERNAL_PLUGINS:

-      if (!GetInternalPluginsDirectory(&cur))

+      if (!GetInternalPluginsDirectory(&cur, "ALL"))

         return false;

       break;

     case chrome::DIR_PEPPER_FLASH_PLUGIN:

-      if (!GetInternalPluginsDirectory(&cur))

+      if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))

         return false;

       cur = cur.Append(kPepperFlashBaseDirectory);

       break;

@@ -285,7 +278,7 @@ bool PathProvider(int key, base::FilePath* result) {

       cur = cur.Append(FILE_PATH_LITERAL("script.log"));

       break;

     case chrome::FILE_FLASH_PLUGIN:

-      if (!GetInternalPluginsDirectory(&cur))

+      if (!GetInternalPluginsDirectory(&cur, "FILEFLASH"))

         return false;

       cur = cur.Append(kInternalFlashPluginFileName);

       break;

@@ -295,7 +288,7 @@ bool PathProvider(int key, base::FilePath* result) {

       cur = cur.Append(chrome::kPepperFlashPluginFilename);

       break;

     case chrome::FILE_EFFECTS_PLUGIN:

-      if (!GetInternalPluginsDirectory(&cur))

+      if (!GetInternalPluginsDirectory(&cur, "FILE_EFFECTS"))

         return false;

       cur = cur.Append(kEffectsPluginFileName);

       break;

@@ -308,7 +301,7 @@ bool PathProvider(int key, base::FilePath* result) {

     // We currently need a path here to look up whether the plugin is disabled

     // and what its permissions are.

     case chrome::FILE_NACL_PLUGIN:

-      if (!GetInternalPluginsDirectory(&cur))

+      if (!GetInternalPluginsDirectory(&cur, "NACL"))

         return false;

       cur = cur.Append(kInternalNaClPluginFileName);

       break;

@@ -343,7 +336,7 @@ bool PathProvider(int key, base::FilePath* result) {

         cur = cur.DirName();

       }

 #else

-      if (!GetInternalPluginsDirectory(&cur))

+      if (!GetInternalPluginsDirectory(&cur, "PNACL"))

         return false;

 #endif

       cur = cur.Append(FILE_PATH_LITERAL("pnacl"));

@@ -372,7 +365,7 @@ bool PathProvider(int key, base::FilePath* result) {

     // In the component case, this is the source adapter. Otherwise, it is the

     // actual Pepper module that gets loaded.

     case chrome::FILE_WIDEVINE_CDM_ADAPTER:

-      if (!GetInternalPluginsDirectory(&cur))

+      if (!GetInternalPluginsDirectory(&cur, "WIDEVINE"))

         return false;

       cur = cur.AppendASCII(kWidevineCdmAdapterFileName);

       break;